Optical network terminal management control interface-based passive optical network security enhancement

ABSTRACT

A network component comprising at least one processor coupled to a memory and configured to exchange security information using a plurality of attributes in a management entity (ME) in an optical network unit (ONU) via an ONU management control interface (OMCI) channel, wherein the attributes provide security features for the ONU and an optical line terminal (OLT). Also included is an apparatus comprising an ONU configured to couple to an OLT and comprising an OMCI ME, wherein the OMCI ME comprises a plurality of attributes that support a plurality of security features for transmissions between the ONU and the OLT, and wherein the attributes are communicated via an OMCI channel between the ONU and the OLT and provide the security features for the ONU and the OLT.

CROSS-REFERENCE TO RELATED APPLICATIONS

The present application claims priority to U.S. Provisional PatentApplication No. 61/230,520 filed Jul. 31, 2009 by Frank Effenberger andentitled, “Optical Network Terminal Management Control Interface-BasedGigabit-Passive Optical Network Security Enhancement,” which isincorporated herein by reference as if reproduced in its entirety.

STATEMENT REGARDING FEDERALLY SPONSORED RESEARCH OR DEVELOPMENT

Not applicable.

REFERENCE TO A MICROFICHE APPENDIX

Not applicable.

BACKGROUND

A passive optical network (PON) is one system for providing networkaccess over “the last mile.” The PON is a point to multi-point networkcomprised of an optical line terminal (OLT) at the central office, anoptical distribution network (ODN), and a plurality of optical networkunits (ONUs) at the customer premises. Downstream data transmissions arebroadcast to all of the ONUs, while upstream data transmissions aretransmitted to the OLT using time division multiple access (TDMA) orwave division multiple access (WDMA). PON systems, such as Gigabit PONs(GPONs), may support some security features to protect user data, e.g.for the downstream broadcast. For example, the broadcast transmissionsfrom the OLT to the ONU may be encrypted.

SUMMARY

In one embodiment, the disclosure includes a network componentcomprising at least one processor coupled to a memory and configured toexchange security information using a plurality of attributes in amanagement entity (ME) in an ONU via an ONU management control interface(OMCI) channel, wherein the attributes provide security features for theONU and an OLT.

In another embodiment, the disclosure includes an apparatus comprisingan ONU configured to couple to an OLT and comprising an OMCI ME, whereinthe OMCI ME comprises a plurality of attributes that support a pluralityof security features for transmissions between the ONU and the OLT, andwherein the attributes are communicated via an OMCI channel between theONU and the OLT and provide the security features for the ONU and theOLT.

In yet another embodiment, the disclosure includes a method comprisingexchanging a plurality of security attributes with an ONU using an OMCIchannel, thereby providing a plurality of security features forcommunications from the ONU, wherein the attributes are exchangedwithout modifying a physical layer operation, administration, andmanagement (PLOAM) channel between an OLT and the ONU.

These and other features will be more clearly understood from thefollowing detailed description taken in conjunction with theaccompanying drawings and claims.

BRIEF DESCRIPTION OF THE DRAWINGS

For a more complete understanding of this disclosure, reference is nowmade to the following brief description, taken in connection with theaccompanying drawings and detailed description, wherein like referencenumerals represent like parts.

FIG. 1 is a schematic diagram of an embodiment of a PON.

FIG. 2 is a schematic diagram of an embodiment of an ONU.

FIG. 3 is a protocol diagram of an embodiment of an authenticationmessage exchange sequence.

FIG. 4 is a schematic diagram of an embodiment of a plurality of ONUstates.

FIG. 5 illustrates a schematic diagram of an embodiment of ageneral-purpose computer system.

DETAILED DESCRIPTION

It should be understood at the outset that although an illustrativeimplementation of one or more embodiments are provided below, thedisclosed systems and/or methods may be implemented using any number oftechniques, whether currently known or in existence. The disclosureshould in no way be limited to the illustrative implementations,drawings, and techniques illustrated below, including the exemplarydesigns and implementations illustrated and described herein, but may bemodified within the scope of the appended claims along with their fullscope of equivalents.

In PON systems, downstream broadcast transmissions from the OLT to theONU may be susceptible to security threats, such as an ‘eavesdroppingthreat’ that may be attempted by a user with malicious intent. Forexample, an unsubscribed user may attempt to receive unauthorizedchannels and/or timeslots from the OLT. To overcome such securitythreats, downstream broadcasts are typically encrypted. Upstreamtransmissions may also be encrypted. However, upstream transmissions maybe more secure than downstream broadcast transmissions since legitimateor authorized ONUs cannot receive upstream transmissions from other ONUsdue to the physical architecture of the PON and the directional natureof optical signals. Therefore, privileged information is typicallytransmitted upstream from the ONUs in clear text format, e.g. withoutencryption. However, enhanced attack methods, such as tapping opticaltransmission cables, may still present security concerns in PON systems.Thus, security improvements for downstream and/or upstream transmissionsin PON systems may be desired, e.g. to protect encryption keys and/orother password information.

Means for providing some security improvements have been proposedpreviously, but typically require modifying the PLOAM channel. SincePLOAM processing commonly takes place at the physical layer, modifyingthe PLOAM channel may involve upgrading hardware in a plurality ofnetwork components, e.g. at the ONU and/or the OLTs. The PLOAM channelmay not be modified easily via software and may require remote fieldinstallations to update hardware in the system's components.Consequently, the previously proposed security improvements based onmodifying the PLOAM channel may not be practical or cost effective.

Disclosed herein is a method and system for providing improved securityin PON systems. The security may be improved by exchanging securityparameters and data using an OMCI channel, which may be used to providea plurality of security features. The provided security features maycomprise security capability discovery, ONU authentication, OLTauthentication, key privacy, or combinations thereof. The securityfeatures may be supported by communicating a plurality of correspondingattributes in the OMCI channel. The attributes may be added to the OMCIchannel using an OMCI ME. The security features may be provided by theOMCI via software implementations, and thus may be extensible orupgraded without substantial difficulty to accommodate system changes.As such, the security features may be provided without substantialchanges or modifications to the PLOAM channel.

FIG. 1 illustrates one embodiment of a PON 100. The PON 100 may comprisean OLT 110, a plurality of ONUs 120, and an ODN 130, which may becoupled to the OLT 110 and the ONUs 120. The PON 100 may be acommunications network that does not require any active components todistribute data between the OLT 110 and the ONUs 120. Instead, the PON100 may use the passive optical components in the ODN 130 to distributedata between the OLT 110 and the ONUs 120. The PON 100 may be a nextgeneration access (NGA) system, such as a ten Gigabit per second (Gbps)GPON (or XGPON), which may have a downstream bandwidth of about ten Gbpsand an upstream bandwidth of at least about 2.5 Gbps. Other examples ofsuitable PONs 100 include the asynchronous transfer mode PON (APON) andthe broadband PON (BPON) defined by the International TelecommunicationUnion Telecommunications Standardization Sector (ITU-T) G.983 standard,the GPON defined by the ITU-T G.984 standard, the Ethernet PON (EPON)defined by the Institute of Electrical and Electronics Engineers (IEEE)802.3ah standard, the 10G-EPON defined by the IEEE 802.3av standard, andthe Wavelength Division Multiplexed (WDM) PON (WPON), all of which areincorporated herein by reference as if reproduced in their entirety.

In an embodiment, the OLT 110 may be any device that is configured tocommunicate with the ONUs 120 and another network (not shown).Specifically, the OLT 110 may act as an intermediary between the othernetwork and the ONUs 120. For instance, the OLT 110 may forward datareceived from the network to the ONUs 120, and forward data receivedfrom the ONUs 120 onto the other network. Although the specificconfiguration of the OLT 110 may vary depending on the type of PON 100,in an embodiment, the OLT 110 may comprise a transmitter and a receiver.When the other network is using a network protocol, such as Ethernet orSynchronous Optical Networking (SONET)/Synchronous Digital Hierarchy(SDH), that is different from the PON protocol used in the PON 100, theOLT 110 may comprise a converter that converts the network protocol intothe PON protocol. The OLT 110 converter may also convert the PONprotocol into the network protocol. The OLT 110 may be typically locatedat a central location, such as a central office, but may be located atother locations as well.

In an embodiment, the ONUs 120 may be any devices that are configured tocommunicate with the OLT 110 and a customer or user (not shown).Specifically, the ONUs may act as an intermediary between the OLT 110and the customer. For instance, the ONUs 120 may forward data receivedfrom the OLT 110 to the customer, and forward data received from thecustomer onto the OLT 110. Although the specific configuration of theONUs 120 may vary depending on the type of PON 100, in an embodiment,the ONUs 120 may comprise an optical transmitter configured to sendoptical signals to the OLT 110 and an optical receiver configured toreceive optical signals from the OLT 110. Additionally, the ONUs 120 maycomprise a converter that converts the optical signal into electricalsignals for the customer, such as signals in the Ethernet protocol, anda second transmitter and/or receiver that may send and/or receive theelectrical signals to a customer device. In some embodiments, ONUs 120and optical network terminals (ONTs) are similar, and thus the terms areused interchangeably herein. Typically, the ONUs may be located atdistributed locations, such as the customer premises, but may be locatedat other locations as well.

In an embodiment, the ODN 130 may be a data distribution system, whichmay comprise optical fiber cables, couplers, splitters, distributors,and/or other equipment. In an embodiment, the optical fiber cables,couplers, splitters, distributors, and/or other equipment may be passiveoptical components. Specifically, the optical fiber cables, couplers,splitters, distributors, and/or other equipment may be components thatdo not require any power to distribute data signals between the OLT 110and the ONUs 120. Alternatively, the ODN 130 may comprise one or aplurality of processing equipment, such as optical amplifiers. The ODN130 may typically extend from the OLT 110 to the ONUs 120 in a branchingconfiguration as shown in FIG. 1, but may be alternatively configured inany other point-to-multi-point configuration.

In an embodiment, the ONUs 120 and/or the OLT 110 may communicate usingan OMCI, for instance to exchange control information in the PON 100. Assuch, the OLT may establish an OMCI channel to control some of theactivities and/or operations of the ONUs 120. The OMCI may be used tomanage one or more service defining layers. Specifically, the OMCI maymodel data flow between the OLT 110 and the ONUs 120 using aprotocol-independent management information base (MIB) comprising aplurality of MEs. Such a configuration is described in the OMCI forGPON, ITU-T G.984.4 and its amendments, which are incorporated herein byreference as if reproduced in its entirety. In the OMCI, the customerpackets may be mapped to GPON Encapsulation Method (GEM) ports usingVirtual Local Area Networking (VLAN) filtering, as described in IEEE802.1p, which is incorporated herein by reference as if reproduced inits entirety.

The OMCI at the ONU may be implemented using software, hardware, orboth, where new MEs may be added to support additional or newcapabilities, e.g. capabilities that meet different customer needs. EachME in the OMCI may comprise a data architecture that represents aresource and/or service supported by the OMCI. For example, the ME maydescribe the purpose of the ME, the relationship between the ME andother MEs, the attribute(s) of the ME, or combinations thereof. The MEmay comprise a plurality of attributes, properties, attributeproperties, or combinations thereof. The OMCI may be described in theITU-T recommendation G.983.2, entitled “ONU Management and ControlInterface Specification for B-PON,” ITU-T recommendation G.984.4,entitled “Gigabit-Capable Passive Optical Networks (G-PON): ONUManagement and Control Interface Specification,” or ITU-T recommendationG.988, entitled “ONU Management and Control Interface (OMCI)specification,” all of which are incorporated herein by reference as ifreproduced in their entirety.

In an embodiment, the OMCI may comprise an Enhanced Security Control MEthat improves security in PON systems. The Enhanced Security Control MEmay provide additional security features and/or functions, which maycomprise a security capability discovery function, an ONU authenticationfunction, an OLT authentication function, and a key privacy function.The OMCI ME may comprise a plurality of attributes, e.g. tables and/orparameters, that support the security functions, such as those describedin conjunction with FIG. 2 below.

The security capability discovery function may enable one of the OLT orthe ONU to discover the existence and/or availability of one or moresecurity capabilities of the other component. The security capabilitydiscovery function may also enable the network component to discover oneor more security algorithms that support a security capability of theother component. Additionally, the security capability function mayenable the component to select which of the security algorithms toactivate. In an embodiment, the OLT may use the security capabilitydiscovery function to inform the ONU, via the OMCI channel, of thesecurity capabilities and/or algorithms that may be provided by the OLT.The security capabilities and/or algorithms may be provided to the ONUin one or more readable and/or writeable attributes at the ONU, e.g. inthe enhanced security control ME at the ONU. The OLT may also use thesecurity capability discovery function to receive from the ONU via theOMCI channel, the security capabilities, and/or algorithms supported bythe ONU. The security capabilities and/or algorithms may be located inone or more readable attributes, e.g. in the Enhanced Security ControlME at the ONU, and may indicate the existence of a security capabilityand/or define the ONU's level of support for a particular capabilityand/or algorithm.

Additionally, the security capability discovery function may allow theOLT to specify one or more security algorithms that may be used toprovide the ONU authentication function, the OLT authenticationfunction, the key privacy function, or combinations thereof. In someembodiments, one or more of these security functioncapabilities/algorithms may be specified by an administrator instead ofthe OLT or the ONU. The security capabilities/algorithms may bespecified as part of the security capability discovery function, e.g.before initiating the ONU authentication function, the OLTauthentication function, and/or the key privacy function. Alternatively,the capabilities/algorithms may be specified as part of establishing thedifferent security functions.

The ONU authentication function may enable the OLT to verify that theONU is an authorized user and/or satisfies one or more securityqualification criteria. In an embodiment, the OLT may exchangeinformation for ONU authentication with the ONU via the OMCI channel.For instance, the ONU authentication procedure may comprise achallenge-response authentication procedure, which may be establishedbetween the OLT and the ONU using the OMCI channel. Thechallenge-response authentication procedure may be similar to theauthentication procedure described in Federal Information ProcessingStandards (FIPS) publication No. 180-3, entitled “Specifications for theSecure Hash Standard”, which is incorporated herein by reference as ifreproduced in its entirety. During a challenge-response authenticationprocedure, the OLT may send a challenge in the form of a nonce, e.g. arandom generated number, to the ONU via the OMCI channel. Subsequently,the ONU may send a response that comprises a hashed combination of thenonce and a mutually shared secret to the OLT via the OMCI channel. Forinstance, the OLT may write the nonce in the OMCI ME of the ONU, andthen read the hashed combination from the OMCI ME. The OLT mayauthenticate the ONU by verifying that the hashed combination issubstantially equal to an ONU authentication value which may becalculated by the OLT independent of the hashed combination. In someembodiments, the OLT may send an ONU authentication confirmation messageto the ONU, via the OMCI channel, after determining that the hashedcombination is substantially equal to the ONU authentication value. TheONU authentication confirmation message may indicate that the ONU hasbeen authenticated by the OLT.

The OLT authentication function may enable the ONU to verify that theOLT is a legitimate OLT, e.g. assigned to the ONU and/or satisfies oneor more security qualification criteria. In an embodiment, the ONU mayexchange information necessary for OLT authentication with the OLT viathe OMCI channel. For instance, the OLT authentication may comprise achallenge-response authentication procedure, which may be establishedbetween the OLT and the ONU using the OMCI channel. During achallenge-response authentication procedure, the ONU may send achallenge in the form of a nonce, to the OLT via the OMCI channel. Inresponse, the OLT may send a message containing a hashed combination ofthe nonce and a mutually shared secret to the ONU via the OMCI channel.For instance, the OLT may read a nonce from the OMCI ME at the ONU, andthen write the hashed combination at the OMCI ME. The ONU may comparethe hashed combination with an OLT authentication value that iscalculated by the ONU to authenticate the OLT. In some embodiments, theONU may send an OLT authentication confirmation message to the OLT viathe OMCI channel after confirming that the hashed combination issubstantially equal to the OLT authentication value. The hashedcombination and the OLT authentication value may be calculatedindependently by the OLT and the ONU, respectively. Further, the nonceand the hashed combination used in the OLT authentication procedure maybe different than the nonce and the hashed combination used in the ONUauthentication procedure.

The key privacy function may allow the OLT and the ONU to securelyexchange encryption keys. For instance, the key privacy function mayallow the OLT and the ONU to exchange encrypted key information via thePLOAM channel. The key privacy function may also allow the OLT and ONUto exchange encrypted key information via the OMCI channel. The keyinformation may comprise any information that is used to establish anencryption protocol. The key information may be associated with a publickey protocol that utilizes an asymmetric key algorithm. Some commontechniques that may be used in public-key cryptography may be describedin the IEEE standard 1363, entitled “Standard Specifications ForPublic-Key Cryptography”, which is incorporated herein by reference asif reproduced in its entirety. Public-key cryptography may comprise amethod for encrypting data using a public key and decrypting data usinga private key, where the public key may be widely distributed and theprivate key may be kept secret. In such cases, the private key may notbe derived mathematically from the public key, and as such an attackerthat does not have possession of the public key may be prevented fromdecoding an encrypted message. For instance, the key privacy functionmay allow the OLT to write a public key to the OMCI at the ONU. The ONUmay then encrypt an Advanced Encryption Standard (AES) key with thepublic key, and send the encrypted key over the PLOAM channel.Subsequently, the OLT may obtain the encrypted key and obtain the AESkey from the encrypted key.

In different embodiments, the security capability discovery function,the ONU authentication function, the OLT authentication function, andthe key privacy function may be consolidated into a singleauthentication function or performed concurrently. In some embodiments,the OLT may exchange with the ONU, via the OMCI channel, cryptographiccapabilities, authentication information, and/or key information thatbelong to the OLT and/or the ONU, e.g. by reading and/or writing aplurality of attributes in the Enhanced Security Control ME. Theattributes may be exchanged in an authentication message exchangesequence as described in detail below.

FIG. 2 illustrates one embodiment of an ONU 200, which may comprise anEnhanced Security Control ME 210. The Enhanced Security Control ME 210may comprise a plurality of ME attributes 220 (e.g. A1-AN). These MEattributes 220 may represent data structures, e.g. tables, parameters,and/or system variables, that may comprise data describing differentcharacteristics of the ONU and/or in an authentication message exchangesequence. The ME attributes 220 may comprise an ME identifier (ID)attribute, an OLT crypto capabilities attribute, an OLT random challengetable attribute, an OLT challenge status attribute, an ONU selectedcrypto capabilities attribute, an ONU random challenge table attribute,an ONU authentication result table attribute, an OLT authenticationresult table attribute, an OLT result status attribute, an ONUauthentication state attribute, a master session key name attribute, abroadcast key table attribute, an effective key length attribute, orcombinations thereof. These attributes may be used to support or providesecurity features and/or functions, such as in the security capabilitydiscovery function, the ONU authentication function, the OLTauthentication function, the key privacy function, or combinationsthereof. As such, some of the ME attributes 220 may be used separatelyin different security functions or jointly in a combined securityfunction that consolidates at least some of the security functions. Forinstance, the ME attributes 220 may be used to implement asymmetric-key-based three step authentication process.

The ME ID attribute may be used to identify each instance of theEnhanced Security Control ME 210. In an embodiment, there may be asingle instance of the Enhanced Security Control ME 210 associated withthe ONU, where the instance may have an ME ID value equal to about zero.In other embodiments, there may be multiple instances of the EnhancedSecurity Control ME 210 associated with the ONU, where each instance mayhave a different ME ID value. The ME ID attribute may be readable andabout two bytes in length.

The OLT crypto capabilities attribute may specify one or more of thecryptographic mechanisms available or supported by the OLT. In anembodiment, the OLT crypto capabilities attribute may be formatted as abitmap, where each of the bits in the bitmap may correspond to analgorithm, e.g. as shown in Table 1. Accordingly, a bit may be set toabout one to indicate that a corresponding cryptographic orauthentication algorithm is supported by the OLT, or to about zero toindicate that the corresponding algorithm is not supported by the OLT.The OLT crypto capabilities attribute may be writeable and about 16bytes in length. In some cases, each bit in the OLT crypto capabilitiesattribute may be set to about zero to indicate that the OLT does notsupport any algorithms.

Table 1 describes an embodiment of the OLT crypto capabilities attributebitmap. Specifically, different bit positions in the bitmap maycorrespond to different cryptographic algorithms. For example, bitposition one (the least significant bit (LSB)) may correspond to anAES-Cipher-based Message Authentication Code (CMAC)-128 algorithm, bitposition two may correspond to an HMAC-SHA-256 algorithm, bit positionthree may correspond to a Hash-based Message Authentication Code(HMAC)-Secure Hash Algorithm (SHA)-512 algorithm, and bit positions fourto about 128 may be reserved.

TABLE 1 Bit position Algorithm 1 (LSB) AES-CMAC-128 2 HMAC-SHA-256 3HMAC-SHA-512 4-128 Reserved

The OLT random challenge table attribute may specify a random challengeissued by the OLT during an authentication sequence. In an embodiment,the OLT random challenge table attribute may be a table that comprises Nentries (N is an integer), which may be determined by an administrator.Each entry in the data table may have a fixed length, e.g. about 17bytes, where the first byte of each entry may comprise an entry index orentry identifier and the remaining bytes of each entry may comprisecontent. The OLT may write the entries in the table and then trigger theONU to process the table entries, e.g. using the OLT challenge statusattribute. Since the OLT random challenge table attribute may have avariable number of entries (e.g. N), the length and therefore thecomplexity of the random challenge may be increased to improve thesecurity of the authentication function if needed. The OLT randomchallenge table attribute may be readable, writeable, and about 17×Nbytes in length.

The OLT challenge status attribute may be used to control and report thestatus of the OLT crypto capabilities attribute and/or the OLT randomchallenge table attribute. In an embodiment, the OLT challenge statusattribute may be a boolean attribute that may be set to a first or trueboolean value (e.g. about one) when the OLT crypto capabilitiesattribute and/or the OLT random challenge table attribute are completeor to a second or false boolean value (e.g. about zero) when the OLTcrypto capabilities attribute and/or the OLT random challenge tableattribute are not complete. For instance, the OLT may set the OLTchallenge status attribute to the false value (e.g. about zero) beforeor while writing to the OLT crypto capabilities attribute and/or the OLTrandom challenge table attribute. Subsequently, the OLT may set the OLTchallenge status attribute to a true value (e.g. about one) uponcompleting the process of writing to the OLT crypto capabilitiesattribute and/or the OLT random challenge table attribute. The OLT mayset the OLT challenge status attribute to the false value, write aplurality of entries in the OLT crypto capabilities attribute and/or theOLT random challenge table attribute, set the OLT challenge statusattribute to the true value, and thus trigger the ONU to process thecontents of the OLT crypto capabilities attribute and/or the OLT randomchallenge table attribute. The OLT challenge status attribute may bereadable, writeable, and about one byte in length.

The ONU selected crypto capabilities attribute may specify acryptographic capability that is selected by the ONU, e.g. in anauthentication sequence. The ONU selected crypto capabilities attributemay be set to a value that indicates an algorithm supported by the OLT,e.g. in the OLT crypto capabilities attribute. The value may specify oneof the bit positions that was set to about one in the OLT cryptocapabilities attribute.

The ONU random challenge table attribute may specify a random challengeissued by the ONU during the authentication sequence. In an embodiment,the ONU random challenge table attribute may be a table that comprises Pentries (P is an integer), which may be set by an administrator. Eachentry in the data table may have a fixed length, e.g. about 16 bytes,where the first byte of each entry may comprise an entry index or entryidentifier and the remaining bytes of each entry may comprise content.The ONU may write the ONU random challenge table attribute in responseto the OLT generating the OLT challenge status attribute. Aftergenerating the ONU random challenge table attribute, the ONU may notifythe OLT, e.g. using an attribute value change (AVC) action, that thechallenge table is established to trigger the OLT to begin aget/get-next sequence to obtain the table's content. Since the ONUrandom challenge table attribute may have a variable number of entries,the length and therefore the complexity of the random challenge may beincreased to improve the security of the authentication function. TheONU random challenge table attribute may be readable and about 16×Pbytes in length.

The ONU authentication result table attribute may specify a result ofthe authentication challenge from the ONU according to the ONU'sselected crypto capabilities attribute. The value of the ONUauthentication result table attribute may be generated using a hashfunction selected by the ONU, such as:

-   -   SelectedHashFunction (PSK,        (ONU_selected_crypto_capabilities|OLT_random_challenge_table|ONU_random_challenge_table|0X0000        0000 0000 0000)),        where “|” denotes concatenation and        ONU_selected_crypto_capabilities represents the crypto        capabilities selected by the ONU.

In an embodiment, the ONU authentication result table attribute may be adata table that comprises Q entries (Q is an integer), which may bedetermined by an administrator. Each entry in the data table may have afixed length, e.g. about 16 bytes. The ONU may write the ONUauthentication result table attribute in response to the OLT generatingthe OLT challenge status attribute. After generating the ONUauthentication result table attribute, the ONU may notify the OLT, e.g.using an AVC message or notification, that the table is established totrigger the OLT to begin a get/get-next sequence to obtain the table'scontent. Since the ONU authentication response table attribute may havea variable number of entries, the length and therefore complexity of thehash combination may be increased to improve the security of the ONUauthentication function if needed. The ONU authentication result tableattribute may be readable and about 16×Q bytes in length.

The OLT authentication result table attribute may specify a result ofthe authentication calculation from the OLT. The value of the OLTauthentication result table attribute may be generated using a hashfunction selected by the OLT, such as:

-   -   SelectedHashFunction (PSK,        (ONU_selected_crypto_capabilities|ONU_random_challenge_table|OLT_random_challenge_table|ONU_serial_number)),        where ONU_serial_number is the serial number of the ONU ME,        which may be specified by an ONU serial number attribute.

In an embodiment, the OLT authentication result table attribute may be adata table that comprises R entries (R is an integer), which may be setby an administrator. Each entry in the data table may have a fixedlength, e.g. about 17 bytes, where the first byte of each entry maycomprise an entry index or entry identifier and where the remainingbytes of each entry may comprise content. The OLT may write the entriesin the OLT authentication result table attribute and then trigger theONU to process the table with the OLT result status attribute. Since theOLT authentication result table may have a variable number of entries,the length and therefore the complexity, of the result may be increasedto improve the security of the OLT authentication function as needed.The OLT authentication response table may be writeable and about 17×Rbytes in length.

The OLT result status attribute may be used to control and/or report thestatus of the OLT authentication result table attribute. In anembodiment, the OLT result status attribute may be a boolean attributethat may be set to a true value of about one when the ONU authenticationresult table attribute is complete or to a false boolean value of aboutzero when the ONU authentication result table attribute is not complete.For instance, the OLT may set the OLT result status attribute to false(e.g. about zero) before or while writing to the OLT authenticationresult table attribute, and subsequently to true (e.g. about one) uponcompleting the process of writing the result to the OLT authenticationresult table attribute. The OLT may set the OLT authentication resultstatus attribute to false write a plurality of entries to the OLTauthentication result table attribute, set the OLT result statusattribute to true, and thus trigger the ONU to process the OLT resulttable attribute. The OLT result status attribute may be readable,writeable, and about one byte in length.

The ONU authentication state attribute may indicate the state of theauthentication relationship from the perspective of the ONU. The ONUauthentication state attribute may have a value of about zero toindicate that the ONU is in an inactive state S0, e.g. where theauthentication procedure is not active. The ONU authentication stateattribute may have a value of about one to indicate that the ONU is inan OLT challenge pending state S1, e.g. when the authenticationprocedure is in process. The ONU authentication state attribute may havea value of about two to indicate that the ONU is in an ONU challengepending state S2. The ONU authentication state attribute may have avalue of about three to indicate that the ONU is in an authenticationsuccess state S3, e.g. when the authentication procedure is completedand the ONU has authenticated the OLT. The ONU authentication stateattribute may have a value of about four to indicate that the ONU is inan authentication failure state S4, e.g. when the authenticationprocedure is completed and the ONU has not authenticated the OLT.Alternatively, the ONU authentication state attribute may have a valueof about five to indicate that the ONU is in an authentication errorstate S5, e.g. when the authentication procedure has started but couldnot be completed. When the ONU authentication attribute has a value ofabout three, e.g. in the authentication success state S2, a plurality ofencryption keys may be exchanged in their encrypted form, e.g. using amaster session key as described in G.984 or a key encryption key asdescribed in G. 987, both of which are incorporated herein as ifreproduced in their entirety. The OLT may check the value of the ONUauthentication state attribute before initiating a key switch.Additionally, the OLT may be alerted of a change in the status of theONU authentication state attribute, e.g. a change from state S1 to stateS2, by receiving an AVC message or notification from the ONU via theOMCI channel. The ONU authentication state attribute may be readable and1 byte in length.

The master session key name attribute may comprise the name of thecurrent session key, e.g. after a successful authentication. A mastersession key may be defined by a hash function selected by the ONU, suchas

SelectedHashFunction (PSK, (OLT_random_challenge|ONU_random_challenge)).

The master session key name attribute may be defined as:

-   -   SelectedHashFunction (PSK,        (ONU_random_challenge|OLT_random_challenge|0x 3141 5926 5358        9793 3141 5926 5358 9793)),        where the number 0x 3141 5926 5358 9793 3141 5926 5358 9793 is        an example of an ONU serial number. If the selected hash        function generates more then about 128 bits, the result may be        truncated to the leftmost, e.g. the most significant, about 128        bits. Upon the termination of a master sessions key, e.g. due to        an ONU reset or ONU local decision that the master key has        expired, the ONU may set the master session key name attribute        to a sequence of about zero. The master session key name        attribute may be readable and about 16 bytes in length.

The broadcast key table attribute may comprise a broadcast key generatedby the OLT. The broadcast key table attribute may comprise a table thatcomprises one or more rows. Each row may comprise a row control portion,a row identifier portion, and a key fragment portion. The row controlmay comprise about one byte, the row identifier may also comprise aboutone byte, and the key fragment may comprise about 16 bytes. As such, thebroadcast key table attribute may be readable and writeable, optional,and about 18*N bytes in length.

The row control may describe the action to be taken on a specified row,e.g. the row specified by the row identifier. About two LSBs in the rowcontrol may determine the attribute's behavior under a set action, e.g.as shown in Table 2. In Table 2, the two LSBs may be set to about 00 toset the specified row, to about 01 to clear the specified row, to about10 to clear the entire table, or to about 11 to indicate a reservedentry. Further, about four most significant bits (MSBs) in the rowcontrol may specify the length of the corresponding key fragment. Theremaining two bits in the row control may be reserved. The two LSBs ofthe row control may be read as about zero under the get-next action andmay behave in a manner consistent with Table 2 under the set action.

TABLE 2 LSBs Behavior under set action 00 Set the specified row. 01Clear the specified row. 10 Clear the entire table. 11 Reserved

The row identifier may identify the specified row. About two MSBs in therow identifier may represent the key index, which may appear at theheader of an encrypted multicast GPON Encapsulation Method (GEM) frame.A key index of about zero may indicate a clear text, and thus may notappear in the row identifier. About four LSBs in the row identifier mayidentify the key fragment number and may start from about zero. Theremaining about two bits in the row identifier may be reserved. The keyfragment may comprise a specified key portion, e.g. specified by theONU. For example the key portion may be encrypted with theAES-Electronic codebook (ECB) using key encrypt key (KEK).

The effective key length attribute may specify a maximum effectivelength (e.g. in bits) of the keys generated by the ONU. The effectivekey length attribute may be readable, optional, and about two bytes inlength.

Additionally or alternatively, the ME attributes 220 may comprise anauthentication capability attribute, an ONU authentication selectionattribute, an ONU authentication nonce table attribute, an ONUauthentication nonce status attribute, an ONU authentication responsetable attribute, or combinations thereof. The ME attributes 220 may alsocomprise an OLT authentication selection attribute, an OLTauthentication nonce table attribute, an OLT authentication responsetable attribute, an OLT authentication response status attribute, an OLTpublic key capability attribute, an OLT public key selection attribute,an OLT public key table attribute, an OLT public key table attribute, orcombinations thereof.

The authentication capability attribute may specify the authenticationmechanisms available at the ONU and/or the authentication algorithmssupported by the ONU. In an embodiment, the authentication capabilityattribute may be formatted as a bitmap, where some or all of the bits inthe bitmap may correspond to an authentication algorithm, for exampleaccording to Table 3. Accordingly, a bit may be set to about one toindicate that a corresponding authentication algorithm is supported bythe ONU, or to about zero to indicate that the correspondingauthentication algorithm is not supported by the ONU. The authenticationcapability attribute may be readable and about 16 bytes in length. Insome cases, each bit in the authentication capability attribute may beset to about zero to indicate that no authentication algorithms aresupported by the ONU.

TABLE 3 Bit position (LSB = 1, MSB = 64) Algorithm Supported 0 SHA3 1MD5

The ONU authentication selection attribute may specify an authenticationalgorithm to be used during the ONU authentication function. Forinstance, the ONU authentication selection attribute may be set to avalue that indicates an authentication algorithm supported by the ONU.The value may indicate an authentication algorithm that may be listed inthe authentication capability attribute. The ONU authenticationselection attribute may be used to instruct the ONU to use thecorresponding authentication algorithm to generate a hash combination,e.g. during the implementation of ONU authentication function. The ONUauthentication selection attribute may be readable, writeable, and aboutone byte in length. The ONU authentication selection attribute may alsobe set to about zero to indicate that no authentication algorithm isused in the ONU authentication function.

The ONU authentication nonce table attribute may specify a nonce that isused for the ONU authentication function. The nonce may be a random orpseudo-random number generated for the purpose of increasing thesecurity of the ONU authentication function. In an embodiment, the ONUauthentication nonce table may be a data table that comprises N entries(N is an integer) that may be determined by an administrator. Each entryin the data table may have a fixed length, e.g. about 25 bytes, wherethe first byte of each entry may comprise an entry index or entryidentifier and the remaining bytes of each entry may comprise content.Since the ONU authentication nonce table may have a variable number ofentries (e.g. N), the length and therefore the complexity of the noncemay be increased to improve the security of the ONU authenticationfunction if needed. The ONU authentication nonce table may be readableand about 25×N bytes in length.

The ONU authentication nonce status attribute may be used to control andreport the status of the ONU authentication nonce table attribute duringthe ONU authentication function. In an embodiment, the ONUauthentication nonce status attribute may be set to a first or trueboolean value (e.g. about one) when the ONU authentication table iscomplete or to a second or false boolean value (e.g. about zero) whenthe ONU authentication table is incomplete. For instance, the OLT mayset the ONU authentication nonce status to the false value of about zeroupon initiating the process of writing the nonce to the ONUauthentication nonce table attribute, and subsequently to a true valueof about one upon completing the process of writing the nonce to the ONUauthentication nonce table attribute. In an embodiment, the OLT may setthe ONU authentication nonce status attribute to the false value, writea plurality of entries in the ONU authentication nonce table attribute,set the ONU authentication nonce status attribute to the true value, andthus trigger the ONU to process the ONU authentication nonce tableattribute. The ONU authentication nonce status attribute may bereadable, writeable, and about one byte in length.

The ONU authentication response table attribute may specify a response,e.g. the hash combination, that may be used in the ONU authenticationfunction. The ONU authentication response table attribute may comprise ahash combination that is calculated by the ONU. The hash combination maybe calculated by processing the nonce, e.g. the contents of the ONUauthentication nonce table attribute, using an authentication algorithmthat is specified by the ONU authentication selection attribute. The OLTmay obtain the hash combination by reading the ONU authenticationresponse table attribute. The OLT may then authenticate the ONU byconfirming that the hash combination is substantially equal to ONUauthentication value. In an embodiment, the ONU authentication responsetable attribute may be a data table that comprises M entries (M is aninteger) that may be determined by an administrator. Each entry in thedata table may have a fixed length, e.g. about 25 bytes, where the firstbyte of each entry may comprise an entry index or entry identifier andthe remaining bytes of each entry may comprise content. Since the ONUauthentication response table attribute may have a variable number ofentries, the length and therefore complexity of the hash combination maybe increased to improve the security of the ONU authentication functionif needed. The ONU authentication response table attribute may bereadable and about 25×M bytes in length.

The OLT authentication selection attribute may specify an authenticationmechanism to be used during the OLT authentication function. In anembodiment, the OLT authentication selection attribute may be set to avalue that indicates an authentication algorithm supported by the ONU.The value may correspond to an authentication algorithm listed in theauthentication capability attribute. The OLT authentication selectionattribute may instruct the ONU to use a specified authenticationalgorithm to generate a hash combination during the OLT authenticationfunction. The OLT authentication selection attribute may be readable,writeable, and about one byte in length. The OLT authenticationselection attribute may also be set to about zero to indicate that noauthentication algorithm is used during the OLT authentication function.

The OLT authentication nonce table attribute may specify a nonce to beused in the OLT authentication function. The nonce may be generated toimprove the security of the OLT authentication function. In anembodiment, the OLT authentication nonce table may be a data table thatcomprises P entries (P is an integer) that may be set by anadministrator. Each entry in the data table may have a fixed length,e.g. about 25 bytes, where the first byte of each entry may comprise anentry index or entry identifier and the remaining bytes of each entrymay comprise content. Since the OLT authentication nonce table attributemay have a variable number of entries, the length and therefore thecomplexity of the nonce may be increased to improve the security of theOLT authentication function. The ONU authentication nonce tableattribute may be readable and about 25×P bytes in length.

The OLT authentication response table attribute may specify theresponse, e.g. the hash combination, to be used in the OLTauthentication function. The OLT authentication response table attributemay comprise the hash combination that may be calculated by the OLT. TheOLT may calculate the hash combination by processing the nonce in theOLT authentication nonce table attribute using the authenticationalgorithm specified in the OLT authentication selection attribute. Assuch, the ONU may read the OLT authentication response table attributeto obtain the hash combination value. The ONU may then authenticate theOLT by confirming that the hash combination value is substantiallysimilar to an OLT authentication value. In an embodiment, the OLTauthentication response table may be a data table that comprises Qentries (Q is an integer) that may be set by an administrator. Eachentry in the data table may have a fixed length, e.g. about 25 bytes,where the first byte of each entry may comprise an entry index or entryidentifier and where the remaining bytes of each entry may comprisecontent. Since the ONU authentication response table may have a variablenumber of entries, the length and therefore the complexity, of the hashcombination may be increased to improve the security of the OLTauthentication function as needed. The OLT authentication response tablemay be readable and about 25×Q bytes in length.

The OLT authentication response status attribute may be used to controland/or report the status of the OLT authentication response tableattribute during the OLT authentication function. In an embodiment, theOLT authentication response status attribute may be set to a trueboolean value of about one when the ONU authentication table is completeor to a false boolean value of about zero when the ONU authenticationtable is incomplete. For instance, the OLT may set the OLTauthentication response status to false, e.g. about zero, uponinitiating the process of writing the nonce to the OLT authenticationresponse table attribute, and subsequently to true, e.g. about one, uponcompleting the process of writing the nonce to the OLT authenticationresponse table attribute. In an embodiment, the OLT may set the OLTauthentication response status attribute to false, e.g. about zero,write a plurality of entries to the OLT authentication response tableattribute, set the OLT authentication response status attribute to true(e.g. about one), and thus trigger the ONU to process the OLTauthentication response table attribute accordingly. The OLTauthentication response status attribute may be readable, writeable, andabout one byte in length.

The OLT public key capability attribute may specify the public keymechanisms available at the ONU 200. In an embodiment, the OLT publickey capability attribute may be formatted as a bitmap, where some or allof the bits in the bitmap may correspond to a specific public keyalgorithm, for example according to Table 4. For instance, a bit set toabout one may indicate that the corresponding public key algorithm issupported by the ONU and a bit set to about zero may indicate that thecorresponding public key algorithm is not supported by the ONU 200. TheOLT public key capability attribute may be readable and about 16 bytesin length. In some embodiments, each bit in the OLT public keycapability attribute may be set to about zero to indicate that no publickey algorithms are supported by the OLT 200.

TABLE 4 Bit position (LSB = 1, MSB = 64) Algorithm Supported 0Rivest-Shamir-Adleman (RSA) 1 Elliptic Curve

The OLT public key selection attribute may specify the public keymechanism to use during the key privacy function. In an embodiment, theOLT public key selection attribute may be set to a value that indicatesan authentication algorithm supported by the ONU 200, e.g. as specifiedby the OLT public key capability attribute. In an embodiment, the OLTpublic key selection attribute may be used to instruct the ONU to usethe specified public key algorithm to encrypt the AES key during the keyprivacy function. The OLT public key selection attribute may bereadable, writeable, and about one byte in length. In some embodiments,the OLT public key selection attribute may be set to about zero toindicate that no public key algorithm is used.

The OLT public key table attribute may specify the public key to be usedduring the key privacy function. In an embodiment, the OLT may write thepublic key to the OLT public key table attribute. The OLT public keytable attribute may be a table that comprises R entries (R is aninteger) that may be by an administrator. Each entry in the table mayhave a fixed length, e.g. about 25 bytes, where the first byte of eachentry may comprise an entry index or entry identifier and where theremaining bytes of each entry may comprise content. Since the OLT publickey table attribute may have a variable number of entries, the lengthand therefore the complexity of the public key may be increased toimprove the security of the key privacy function as needed. The OLTpublic key table attribute may be readable, writeable, and about 25×Rbytes in length.

The OLT public key status attribute may be used to control and/or reportthe status of the OLT public key table attribute during the key privacyfunction. In an embodiment, the OLT public key status attribute may beset to a true boolean value, e.g. about one, when the public key tableis complete or to a false boolean value, e.g. about zero, when thepublic key table is incomplete. For instance, the OLT may set the OLTpublic key status to false, e.g. about zero, upon initiating the processof writing the public key to the OLT public key table attribute, andsubsequently set the OLT public key status to true, e.g. about one, uponcompleting the process of writing the public key to the OLT public keytable attribute. In an embodiment, the OLT may set the OLT public keystatus attribute to false, e.g. about zero, write a plurality of entriesto the OLT public key table attribute, set the OLT public key statusattribute to true, e.g. about one, and thus trigger the ONU to processthe OLT public key table attribute accordingly. The OLT authenticationresponse status attribute may be readable, writeable, and about one bytein length.

The OLT may use various actions, e.g. instruction types, whencommunicating with the ONU via the OMCI channel, such as a get action, aget-next action, and a set action. The get action may allow the OLT toread one or more attributes of the OMCI ME at the ONU, the get-nextaction may allow the OLT to read a string or collection of attributes ofthe OMCI ME, and the set action may allow the ONU to write to one ormore attributes of the OMCI ME.

The OLT may also receive one or more OMCI notifications during thesecurity functions. The OMCI notifications may be received in the formof AVC messages, which may be communicated via the OMCI channel. EachAVC message may have a numerical value, that may correspond to adifferent message type, e.g. as shown in Table 5A or 5B. For instance,as shown in Table 5A, an AVC message associated with the ONU randomchallenge table attribute may be assigned a value of about five. An AVCmessage associated with the ONU authentication result table attributemay be assigned a value of about six. An AVC message associated with theONU authentication status attribute may be assigned a value of about 10.The remaining values, e.g. from about one to about four, from aboutseven to about nine, and from about eleven to about sixteen, may bereserved.

TABLE 5A Attribute Number value change Description  1 . . . 4 Reserved 5 ONU random A new ONU challenge has been loaded challenge table intothe table for the OLT to retrieve  6 ONU authentication A new ONUresponse has been loaded result table into the table for the OLT toretrieve  7 . . . 9 Reserved 10 ONU authentication The ONUauthentication status has status changed 11 . . . 16 Reserved

TABLE 5B Number Attribute value change Description  1 . . . 7 N/A  8 ONUauthentication A new ONU response has been loaded response change intothe table for the OLT to retrieve  9 OLT authentication A new ONU noncehas been loaded nonce change into the table for the OLT to retrieve10-13 N/A 14 . . . 16 Reserved

In an embodiment, the Enhanced Security Control ME may comprise aplurality of facilities to perform a conventional three step hash-basedauthentication sequence, e.g. as described in the InternationalStandards Organization (ISO)/International Electrotechnical Commission(IEC) publication 9798-4 entitled, “Information technology—SecurityTechniques—Entity Authentication—Part 4: Mechanisms using acryptographic check function”, which is incorporated herein by referenceas if reproduced in its entirety. The conventional three stepauthentication sequence may be used in DSL systems that employ aMS-CHAPv2 protocol, or other systems that may use get and set messages.The logical structure of the conventional three step sequence maycomprise messages, e.g. message 1, message 2, and message 3, such as:

-   -   Message 1: (Peer 1→peer 2)        my_cryptographic_capabilities|random_challenge_(—)1,    -   Message 2: (Peer 2→peer 1):        selected_cryptographic_capabilities|random_challenge_(—)2|MsgHash        (PSK,        (selected_cryptographic_capabilities|random_challenge_(—)1|random_challenge_(—)2,        peer_(—)1_identity)), and    -   Message 3: (Peer 1→peer 2): MsgHash (PSK,        (selected_cryptographic_capabilities|random_challenge_(—)2|random_challenge_(—)1|peer_(—)2_identity)),        where MsgHash ( ) is a keyed hash function of the message, PSK        is the pre-shared key known only to the peers of the session,        Peer_(—)1_identity is set to about 0x0000 0000 0000 0000, and        Peer_(—)2_identity is the ONU serial number.

One prerequisite for using the three-step hash-based authenticationsequence may be the availability of a pre-shared secret (PSK). A PSK ofabout 128 bits may simplify the application of security algorithms basedon an AES-128 (e.g. AES-CMAC-128). A PSK may be associated with an ONUand may be stored at that ONU and at the operator infrastructure. On theoperator side, the PSK for the ONU may be stored in the OLT that iscoupled to the ONU or at a central server that the OLT may access duringauthentication. The configuration of the PSK into the ONU and into theoperator infrastructure may be performed in any manner that satisfiesthese requirements.

FIG. 3 illustrates an embodiment of an authentication message exchangesequence 300, which may be established between the OLT and the ONU inthe OMCI channel. The authentication message exchange sequence 300 mayprovide improved security in PON systems, e.g. for upstream anddownstream transmissions. The authentication message exchange sequence300 may comprise various actions, which may be implemented by the OLT,to communicate with the ONU via the OMCI channel and access the EnhancedSecurity Control ME. For instance, the OLT may write to various EnhancedSecurity Control ME attributes (e.g. ME attributes 220) by using the setaction. The OLT may perform multiple set operations as needed to writemultiple entries to one or more attributes by using the set action. TheOLT may read from various Enhanced Security Control ME attributes byusing the get function, which may trigger a get_response message thatobtains the contents or part of the contents of one or more EnhancedSecurity Control ME attributes. Additionally, the OLT may receive one ormore OMCI notifications in the form of AVC messages.

The authentication message exchange sequence 300 may begin at step 302,where the OLT may write to the OLT crypto capabilities attribute and/orthe OLT random challenge table attribute using a set action. At step304, the OLT may write a true value, e.g. about one, to the OLTchallenge status attribute using a set action to indicate to the ONUthat the OLT crypto capabilities attribute and/or the OLT randomchallenge table attributes are established. At step 306, the OLT mayreceive from the ONU an AVC message that notifies the OLT that the ONUrandom challenge table attribute is established. At step 308, the OLTmay receive from the ONU an AVC message that notifies the OLT that theONU authentication result table attribute is established.

At step 310, the OLT may request the ONU selected crypto capabilitiesattribute, the ONU random challenge table attribute, the ONUauthentication result table attribute, or a combination thereof from theONU using a get action. At step 312, the ONU may respond to the OLT bysending the requested information using a get_response action. At step314, the OLT may write to the OLT authentication result table attributeusing a set action. At step 316, the OLT may write a true value to theOLT result status attribute using a set action. At step 318, the OLT mayreceive from the ONU an AVC message that notifies the OLT that the ONUauthentication status attribute is established. At step 320, the OLT mayrequest the master session key name attribute from the ONU using a getaction. At step 322, the ONU may respond to the OLT by sending therequested information using a get_response action. The authenticationmessage exchange may then end.

FIG. 4 illustrates an embodiment of a plurality of ONU states 400. TheONU states 400 may be specified by a state machine, which may operatestate O5 as defined in ITU-T G.784.3 and G987.3, which are incorporatedherein by reference as if reproduced in their entirety. Initially atblock 410, the ONU may be in an inactive state (S0), e.g. after the ONUregistration. The state S0 may be indicated by the ONU authenticationstate attribute using a value of about zero. The OLT may then initiatean authentication process by writing a challenge to the OLT randomchallenge table attribute at the OMCI ME at the ONU.

At block 420, the OLT may enter a challenge pending state (S1), e.g.after the OLT writes its challenge to the OLT random challenge tableattribute. The OLT challenge pending state (S1) may be indicated by theONU authentication state attribute using a value of about one. Duringthe state S1, the ONU may select the ONU random challenge attribute,and/or calculate the ONU authentication result table attribute, and theOLT may not write a new value into the OLT random challenge tableattribute. The ONU may then transition to an ONU challenge pending state(S2) after selecting the ONU random challenge attribute and/orcalculating the ONU authentication result table attribute. If the ONU isunable to perform the operations necessary to transition to the stateS2, then the ONU may transition to an authentication error state (S5)instead of the state S2.

At block 430, the ONU may enter the state S2, e.g. after selecting theONU random challenge attribute and/or calculating the ONU authenticationresult table attribute. The state S2 may be indicated by the ONUauthentication state attribute using a value of about two. During thestate S2, the ONU may wait for the OLT to read the relevanttables/attributes, e.g. the ONU selected crypto capabilities attribute,the ONU random challenge table attribute, the ONU authentication resulttable attribute, or combinations thereof, and write the result of theONU's authentication challenge to the OLT authentication result tableattribute. The OLT's response may be time limited. For instance, the OLTmay need to respond to the ONU's authentication challenge before a timerperiod (T1) expires. For example, T1 may be set to expire in about threeseconds. If the OLT fails to respond during the state S2 before T1expires, the ONU may transition to the state S5. If the OLT respondsbefore T1 expires, e.g. by writing the result of the ONU'sauthentication challenge into the ONU authentication result tableattribute, then the ONU may transition to an authentication successstate (S3) or an authentication failure state (S4), depending on whetheror not the OLT was authenticated successfully by the ONU. If the resultis substantially the same as an OLT authentication value, then the OLTmay have been authenticated successfully by the ONU and the ONU maytransition to the state S3. If the result is not the same as the OLTauthentication value, then the OLT may not have been authenticatedsuccessfully and the ONU may transition to the state S4. While the ONUis in the state S2, the OLT may not write a new value into the OLTrandom challenge table attribute.

Before entering the state S3 at block 440, the ONU may set a valid valuefor the master session key name attribute. In the state S3, the OLT mayread the master session key name attribute upon receiving an AVC messagefrom the ONU that indicates to the OLT that the ONU authenticationstatus attribute value has been changed to state S3 value, e.g. using avalue of about three. Waiting for the AVC notification before readingthe master session key name attribute may allow the OLT to guaranteethat the ONU is synchronized and the new key is ready to be utilizedwithin the Transmission Container (TC) layer PLOAM function.

The authentication failure state S4 at block 450 may be indicated by theONU authentication state attribute using a value of about four. Duringthe state S4, the ONU and/or the OLT may abandon the presentauthentication attempt. The authentication failure state S4 may signifythat the authentication procedure has failed for some reason, e.g.because of a PSK mismatch. The ONU may transition from the state S4 tothe state S0 after a predetermined period of time (T2) has elapsed, e.g.after about one second.

The state S5 may be indicated by the ONU authentication state attributeusing a value of about five. During the state S5 (Block 460), the ONUand/or the OLT may abandon the present authentication attempt. The stateS5 may signify that the authentication procedure was started but couldnot be completed, e.g. due to a communication error, such as a loss ofconnection. The ONU may transition from the state S5 to the state S0after a predetermined period of time (T3) has elapsed, e.g. after aboutone second.

In an embodiment, the OLT may be configured to synchronize with a TClayer, e.g. at the PLOAM, and achieve other security considerations,e.g. as in G.984 systems. When the ONU is in an authenticated state, theONU may use its master session key to encrypt the key transmitted in anencryption_key PLOAM message. The master session key may be defined as:

-   -   MasterSessionKey=SelectedHashFunction (PSK, (OLT        random_challenge|ONU random challenge)),        where SelectedHashFunction ( ) is the hash function selected by        the ONU in the ONU selected crypto capabilities attribute from a        list supplied by the OLT.

In some cases, the encryption of the encryption key may be implementedusing an AES-128 key in ECB mode. Since the encryption key carried inthe encryption key PLOAM message may not be protected against forgery,there may be a possibility that the key may be forged or replayed by anattacker. Both forged and replayed keys may be detected using keysynchronization mechanisms. However, a replay attack may force the OLTto use an old encryption key, which may violate the securityrequirements of downstream data encryption. Consequently, an OLTdesigned to resist a replay attack may ensure that the ONU does not senda previously used encryption key between authentication cycles.

The network components described above may be implemented on anygeneral-purpose network component, such as a computer or networkcomponent with sufficient processing power, memory resources, andnetwork throughput capability to handle the necessary workload placedupon it. FIG. 5 illustrates a typical, general-purpose network component500 suitable for implementing one or more embodiments of the componentsdisclosed herein. The network component 500 includes a processor 502(which may be referred to as a central processor unit or CPU) that is incommunication with memory devices including secondary storage 504, readonly memory (ROM) 506, random access memory (RAM) 508, input/output(I/O) devices 510, and network connectivity devices 512. The processor502 may be implemented as one or more CPU chips, or may be part of oneor more application specific integrated circuits (ASICs).

The secondary storage 504 is typically comprised of one or more diskdrives or tape drives and is used for non-volatile storage of data andas an over-flow data storage device if RAM 508 is not large enough tohold all working data. Secondary storage 504 may be used to storeprograms that are loaded into RAM 508 when such programs are selectedfor execution. The ROM 506 is used to store instructions and perhapsdata that are read during program execution. ROM 506 is a non-volatilememory device that typically has a small memory capacity relative to thelarger memory capacity of secondary storage 504. The RAM 508 is used tostore volatile data and perhaps to store instructions. Access to bothROM 506 and RAM 508 is typically faster than to secondary storage 504.

At least one embodiment is disclosed and variations, combinations,and/or modifications of the embodiment(s) and/or features of theembodiment(s) made by a person having ordinary skill in the art arewithin the scope of the disclosure. Alternative embodiments that resultfrom combining, integrating, and/or omitting features of theembodiment(s) are also within the scope of the disclosure. Wherenumerical ranges or limitations are expressly stated, such expressranges or limitations should be understood to include iterative rangesor limitations of like magnitude falling within the expressly statedranges or limitations (e.g., from about 1 to about 10 includes, 2, 3, 4,etc.; greater than 0.10 includes 0.11, 0.12, 0.13, etc.). For example,whenever a numerical range with a lower limit, R_(l), and an upperlimit, R_(u), is disclosed, any number falling within the range isspecifically disclosed. In particular, the following numbers within therange are specifically disclosed: R=R_(l)+k*(R_(u)−R_(l)), wherein k isa variable ranging from 1 percent to 100 percent with a 1 percentincrement, i.e., k is 1 percent, 2 percent, 3 percent, 4 percent, 5percent, . . . , 50 percent, 51 percent, 52 percent, . . . , 95 percent,96 percent, 97 percent, 98 percent, 99 percent, or 100 percent.Moreover, any numerical range defined by two R numbers as defined in theabove is also specifically disclosed. Use of the term “optionally” withrespect to any element of a claim means that the element is required, oralternatively, the element is not required, both alternatives beingwithin the scope of the claim. Use of broader terms such as comprises,includes, and having should be understood to provide support fornarrower terms such as consisting of, consisting essentially of, andcomprised substantially of. Accordingly, the scope of protection is notlimited by the description set out above but is defined by the claimsthat follow, that scope including all equivalents of the subject matterof the claims. Each and every claim is incorporated as furtherdisclosure into the specification and the claims are embodiment(s) ofthe present disclosure. The discussion of a reference in the disclosureis not an admission that it is prior art, especially any reference thathas a publication date after the priority date of this application. Thedisclosure of all patents, patent applications, and publications citedin the disclosure are hereby incorporated by reference, to the extentthat they provide exemplary, procedural, or other details supplementaryto the disclosure.

While several embodiments have been provided in the present disclosure,it should be understood that the disclosed systems and methods might beembodied in many other specific forms without departing from the spiritor scope of the present disclosure. The present examples are to beconsidered as illustrative and not restrictive, and the intention is notto be limited to the details given herein. For example, the variouselements or components may be combined or integrated in another systemor certain features may be omitted, or not implemented.

In addition, techniques, systems, subsystems, and methods described andillustrated in the various embodiments as discrete or separate may becombined or integrated with other systems, modules, techniques, ormethods without departing from the scope of the present disclosure.Other items shown or discussed as coupled or directly coupled orcommunicating with each other may be indirectly coupled or communicatingthrough some interface, device, or intermediate component whetherelectrically, mechanically, or otherwise. Other examples of changes,substitutions, and alterations are ascertainable by one skilled in theart and could be made without departing from the spirit and scopedisclosed herein.

What is claimed is:
 1. An apparatus comprising: an optical network unit (ONU) configured to couple to an optical line terminal (OLT) and comprising an ONU management control interface (OMCI) management entity (ME), wherein the OMCI ME comprises a plurality of attributes that support a plurality of security features for transmissions between the ONU and the OLT, wherein the attributes are communicated via an OMCI channel between the ONU and the OLT and provide the security features for the ONU and the OLT, and wherein the attributes are written by the OLT and comprise: an OLT crypto capabilities attribute that specifies a cryptographic mechanism available at the OLT and comprises a bit map of 16 bytes where bit position one corresponds to an Advanced Encryption Standard (AES)-Cipher-based Message Authentication Code (CMAC)-128 algorithm, bit position two corresponds to a HMAC-SHA-256 algorithm, bit position three corresponds to a Hash-based Message Authentication Code (HMAC)-Secure Hash Algorithm (SHA)-512 algorithm, and bit positions four to 128 are reserved; an OLT random challenge table attribute that specifies a random challenge issued by the OLT and comprises an entry of 17 bytes; and an OLT challenge status attribute is a boolean attribute of one byte that reports a status of the OLT crypto capabilities attribute and the OLT random challenge table attribute.
 2. An apparatus comprising: an optical network unit (ONU) configured to couple to an optical line terminal (OLT) and comprising an ONU management control interface (OMCI) management entity (ME), wherein the OMCI ME comprises a plurality of attributes that support a plurality of security features for transmissions between the ONU and the OLT, wherein the attributes are communicated via an OMCI channel between the ONU and the OLT and provide the security features for the ONU and the OLT, and wherein the attributes are set by the ONU and comprise: an ONU crypto capabilities attribute comprising one byte and specifies a cryptographic capability selected by the ONU by specifying a bit position in the OLT crypto capabilities attribute that is set to one; an ONU random challenge table attribute that specifies a random challenge issued by the ONU and comprises an entry of 16 bytes; and an ONU authentication result table attribute comprising a result of authentication computation by the ONU according to the ONU selected crypto capabilities attribute and comprises an entry of 16 bytes that is generated in response to the OLT challenge status attribute.
 3. An apparatus comprising: an optical network unit (ONU) configured to couple to an optical line terminal (OLT) and comprising an ONU management control interface (OMCI) management entity (ME), wherein the OMCI ME comprises a plurality of attributes that support a plurality of security features for transmissions between the ONU and the OLT, wherein the attributes are communicated via an OMCI channel between the ONU and the OLT and provide the security features for the ONU and the OLT, and wherein the attributes comprise an ONU authentication state attribute that is set by the ONU, indicates a state of an authentication relationship from a perspective of the ONU, and comprises: a value of zero that represents an inactive state S0 when an authentication procedure is not active; a value of one that represents an OLT challenge pending state S1 when the authentication procedure is not completed; a value of two that represents an ONU challenge pending state S2 when the authentication procedure is not completed; a value of three that represents an authentication success state S3 when the authentication procedure is completed and the ONU has authenticated the OLT; a value of four that represents an authentication failure state S4 when the authentication procedure is completed and the ONU has not authenticated the OLT; and a value of five that represents an error state S5 when the authentication procedure could not be completed.
 4. An apparatus comprising: an optical network unit (ONU) configured to couple to an optical line terminal (OLT) and comprising an ONU management control interface (OMCI) management entity (ME), wherein the OMCI ME comprises a plurality of attributes that support a plurality of security features for transmissions between the ONU and the OLT, wherein the attributes are communicated via an OMCI channel between the ONU and the OLT and provide the security features for the ONU and the OLT, and wherein the attributes comprise: a broadcast key table attribute that is generated by the OLT and comprises a row of 18 bytes, wherein the row comprises a row control of one byte, a row identifier of one byte, and a key fragment of one byte, wherein the row control comprises two least significant bits that are set to 00 to set a specified row, to 01 to clear the specified row, to 10 to clear an entire table, or to 11 to indicate a reserved entry, wherein the row identifier comprises two most significant bits that represent a key index that appears in a header of an encrypted multicast Gigabit Passive Optical Network Encapsulation Method (GEM) frame, four least significant bits that identify a key fragment number, and two bits that are reserved, and wherein the key fragment specifies a fragment of a key.
 5. A method implemented by a processor device, the method comprising: exchanging a plurality of security attributes with an optical network unit (ONU) using an ONU management control interface (OMCI) channel, thereby providing a plurality of security features for communications from the ONU, wherein the attributes are exchanged without modifying a physical layer operation, administration, and management (PLOAM) channel between an optical line terminal (OLT) and the ONU; setting a plurality of OLT crypto capabilities and an OLT random challenge table at the ONU; setting an OLT challenge status to true at the ONU; receiving an ONU random challenge table and an ONU authentication result table from the ONU; getting a plurality of ONU selected crypto capabilities, an ONU random challenge table, and an ONU authentication result table from the ONU; setting an OLT authentication result table at the ONU; setting an OLT result status to true at the ONU; receiving an ONU authentication status from the ONU; and getting a master session key name from the ONU.
 6. A method implemented by a processor device, the method comprising: exchanging a plurality of security attributes with an optical network unit (ONU) using an ONU management control interface (OMCI) channel, thereby providing a plurality of security features for communications from the ONU, wherein the attributes are exchanged without modifying a physical layer operation, administration, and management (PLOAM) channel between an optical line terminal (OLT) and the ONU, and wherein an ONU authentication state is tracked by a state machine that comprises: an inactive state S0; an OLT challenge pending state S1; an ONU challenge pending state S2; and an authentication success state S3, an authentication failure state S4, or an authentication error state S5, wherein an ONU challenge pending timer T1 is used to abort an unsuccessful OLT authentication attempt by limiting a time of the ONU challenge pending state S2, wherein an authentication failure timer T2 is used to assert a mismatch of a master session key condition by limiting a time of the authentication failure state S4, and wherein an authentication error timer T3 is used to assert a failure of an authentication condition by limiting a time of the authentication error state S5.
 7. A method implemented by a processor device, the method comprising: exchanging a plurality of security attributes with an optical network unit (ONU) using an ONU management control interface (OMCI) channel, thereby providing a plurality of security features for communications from the ONU, wherein the attributes are exchanged without modifying a physical layer operation, administration, and management (PLOAM) channel between an optical line terminal (OLT) and the ONU; and performing a three step hash-based authentication sequence using get and set messages that comprise: Message 1: (Peer 1→peer 2) my_cryptographic_capabilities|random_challenge_(—)1; Message 2: (Peer 2→peer 1) selected_cryptographic_capabilities|random_challenge_(—)2|MsgHash (PSK, (selected_cryptographic_capabilities|random_challenge_(—)1|random_challenge_(—)2, peer_(—)1_identity)); and Message 3: (Peer 1→peer 2) MsgHash (PSK, (selected_cryptographic_capabilities|random_challenge_(—)2|random_challenge_(—)1|peer_(—)2_identity)), wherein MsgHash ( ) is a keyed hash function of the message, PSK is a pre-shared key known only to peers of a session, peer_(—)1_identity is equal to 0x0000000000000000, |is concatenation, and peer_(—)2_identity is the ONU's serial number.
 8. A method implemented by a processor device, the method comprising: exchanging a plurality of security attributes with an optical network unit (ONU) using an ONU management control interface (OMCI) channel, thereby providing a plurality of security features for communications from the ONU, wherein the attributes are exchanged without modifying a physical layer operation, administration, and management (PLOAM) channel between an optical line terminal (OLT) and the ONU, and wherein the ONU uses a master session key to encrypt a key transmitted in an encryption_key PLOAM message when the ONU is in an authentication state, wherein the master session key is defined as MasterSessionKey=SelectedHashFunction (PSK, (OLT random_challenge|ONU random challenge)), and wherein SelectedHashFunction ( ) is a hash function selected by the ONU in an ONU selected crypto capabilities attribute from a list supplied by the OLT. 